Jan 28th, 2007, 9:51 am
It started with an email from a worried satnav user, Lloyd Reid of Trichromic LLP, an IT consultant who knows his way around a computer and knows a virus when his AV software flags one up. The cause of his concern was a newly purchased TomTom GO 910 satnav unit that, once connected to his PC, immediately caused an anti-virus software alert. Not one, but two alerts in fact. The win32.Perlovga.A Trojan and TR/Drop.Small.qp were identified as being resident on the satnav hard drive, within the copy.exe and host.exe files.
That’s worth repeating, two Trojans resident on the hard drive of a brand new, straight from the shop, satnav unit.
Worth repeating, perhaps, that this was a unit connected to a PC already protected by AV software, a clean PC, a PC belonging to an experienced IT consultant. It was for this reason that I believed him, that I did not simply assume it was a case of mistaken identity as is so often the case with such reports where the infection was already there, or came via a route unconnected to the accused party.
Also worth repeating is the response that this particular chap got from the TomTom support line, which was simply to let his AV software delete the virus and move on as these ‘are not dangerous’ Trojans. Upon pressing his point that the tech support guy was missing the point, he was told to submit a report to the TomTom website. Being the pushy type, my informer called a TomTom number in the Netherlands but only got the run around and an email address which he complained to, copying me in on the message.
Naturally, having more than a passing interest in the field of IT security, I started investigating immediately. It didn’t take long to find a few scant mentions of one or two other users asking about the same infections, on the same device, in a couple of satnav user forums. It also didn’t take long to discover that there was no real response from TomTom being reported anywhere, no mention on the TomTom website that there was a potential problem (a search for the infected files, virus or even a warning on the TomTom support site flagged no hits at all) and no warnings being given to the public at large.
I made sure that my friendly contact at the PR agency that handles TomTom in the UK was aware of my interest and he promised to pass my questions on to TomTom for a detailed, official, technical comment ASAP. That response was delivered by the end of play the next day. I note, however, that as I write this there is still no official warning on the TomTom site regarding the fact that a number of satnav devices are known to be infected with a virus…
Here is that response in full:
“It has come to our attention that a small, isolated number of TomTom GO 910’s, produced between September and November 2006, may be infected with a virus. The virus is qualified as low risk and can be removed safely with virus scanning software. Appropriate actions have been taken to make sure this is prevented from happening again in the future.
Affected devices
It has been confirmed that a small number of TomTom GO 910 devices, produced between September and November 2006, and shipped with software version 6.51, may be infected with a virus.
Known risks
The viruses that were detected present an extremely low risk to customers’ computers or the TomTom GO 910. To date, no cases of problems caused by the viruses are known.
How to detect the virus
In the isolated cases that a virus was detected, it was found when the TomTom GO 910 was connected to the computer and for example a back-up of the content on the device was being made.
What to do when a virus is found
TomTom highly recommends that all TomTom GO 910 customers update their virus scanning software, and if a virus is detected, allow the virus scanning software to remove the ‘host.exe’ file, ‘copy.exe’ file or any other variants.
The above identified files or any variants can safely be removed from the device with virus scanning software, and are NOT to be removed manually, as they are not part of the standard installed software on a TomTom GO 910. They present no danger whilst driving with the TomTom GO 910.
Customers that do not have virus scanning software are advised to install virus scanning software. The internet offers many free online virus scanners like Symantec and Kaspersky (www.symantec.com or www.kaspersky.com) that will remove the virus safely from the TomTom GO 910 as soon as it is detected.
Any customers who experience problems or have further questions are welcome to contact our Customer Support department.”
===========================================
UPDATE: Monday 29th January. Following the publication of this news story, and the interest it has sparked amongst many online and print publications, TomTom has now posted the same statement as above on its website. Sadly, there is no sign of an apology alongside it...
This blog entry was written by Davey Winder, staff writer aka happygeek. It has received 59,674 views, 5 comments, and 1,356 linkbacks. 3 voters have rated this entry an average of 5 out of 5 stars. It was promoted to featured status Jan 28th, 2007.
Comments (Newest First)
Madaxe | Newbie Poster | May 14th, 2008
I have just received my TomTom Go 920T back from TT support as it had a few issues (this is the second time I have got it back from being supposedly repaired), and it has come back from their workshop with exactly the same Trojan reported all over the net! So either this infection is live and wild inside parts of their network or I was just unlucky enough to have had my TT attached to this singular infected machine (no chance), as all they did to try to repair the fault was change the battery. We shall see if this resolves the original issue or not... Still, I am fuming that this thing came back with an infection on it. Incompetence springs instantly to mind.
lancslad43 | Newbie Poster | Dec 26th, 2007
I'm afraid I have to agree, TOMTOM's customer service is a joke.
I upgraded my maps to the latest version recently only to find that a major road opened 7 years ago was still marked as being under construction.
On examining the downloaded zip file containing the 'New' map I found that all the files inside that zip were dated in mid 2005.
As the update was late 2007 I do not think that 2 year old files are anywhere near new.
Does not surprise me to find out about the virus incident if their knowledge of dates is anything to go by.
Hans Akke | Newbie Poster | May 8th, 2007
My experience with TomTom is exactly the same. I have used TomTom on a PDA with 4 version of their software. Terrible, especially the version 3 was not usable. In France, for example, you could not use it, it kept stopping. After having a stop you had to reset the unit and give in the route. About their support, I still have questions, without answers, from 3 years ago. You can't give it the name of support, they are just interested in selling systems and new updates for their cards, at a rather high price. They don't bother to answer your questions.
So I bought a MOI 269+ and now I have a system that keeps running. Although TomTom is Dutch, as I am, I think TomTom is junk.
happygeek | He's The Daddy | Jan 31st, 2007
It is very unlikely that this was an outside attack, and hugely more likely (in my opinion) to have been a case of the quality assurance process, ironically, being to blame. Although it has to be guesswork, so please don't take this as gospel, I am not alone in thinking that a likely scenario is that random units taken off the production line for QA testing were plugged into an infected computer during the process.
The biggest concerns are that the infections are old ones, known about and protected against by the major AV vendors since July 2006, long before the production window here, and the fact that it took this blog posting and the storm of interest that blew up arising from it for TomTom to bother actually putting an advisory on the website to warn its own customers about the potential risk. Even then, the warning (same as posted above) rather pooh-poohs the whole thing, claiming it is a low risk situation. Personally, I don't agree that any Trojan infection is low risk...
ilopezgbg | Newbie Poster | Jan 30th, 2007
It is interesting to be informed about the risks we are exposed to, even in the Linux world. I am definitely more interested in how this could happen.
- Was Tom-Tom's security breached and were the Trojans injected from the outside?
- How did this pass their QA before release?
Just curious...